How to Enable TUN Mode in Clash Verge Rev: Windows Setup Guide

Understanding TUN Mode: Why You Need It on Windows

When you first install Clash Verge Rev on Windows, you likely rely on the "System Proxy" toggle. While this works perfectly for most web browsers like Chrome or Edge, it has significant limitations. Many applications—including competitive games, terminal consoles (CMD/PowerShell), and background synchronization tools—simply ignore the system-level HTTP proxy settings. This is where TUN Mode becomes essential.

TUN Mode (short for Network Tunnel) creates a virtual network adapter on your Windows machine. Instead of relying on applications to "voluntarily" use a proxy, TUN Mode intercepts all network traffic at the IP layer. This ensures that every packet, whether from a git clone command or a Steam game, is processed by your Clash rules. In 2026, as more applications use custom protocols and bypass traditional proxy methods, mastering TUN Mode is the difference between a partial proxy and a true system-wide solution.

In this guide, we will walk through the specific steps to enable TUN Mode in Clash Verge Rev, covering the installation of the Kernel Service, configuration of the YAML settings, and troubleshooting common Windows 10/11 network conflicts.

Step 1: Installing the Clash Verge Service

Unlike standard proxy modes, TUN Mode requires administrative privileges to create and manage a virtual network interface. To ensure Clash Verge Rev can handle this without prompting you for a password every time you reboot, you must install the Clash Verge Service.

1. Open Clash Verge Rev and navigate to the Settings tab on the left sidebar.
2. Locate the Clash Verge Service section under the "App" or "General" category.
3. Click the Install button. A Windows User Account Control (UAC) prompt will appear; click Yes to grant administrative permission.
4. Once installed, the status should change to Active or Running. This service allows Clash to manage the virtual network adapter required for TUN Mode.

If you encounter an error during installation, ensure that your antivirus or Windows Defender isn't blocking the service registration. Some security suites flag virtual network drivers as "suspicious" due to their deep-level network access.

Step 2: Core Selection and Capability

Clash Verge Rev supports multiple cores, but for the best TUN Mode experience in 2026, you should be using the Mihomo (formerly Clash Meta) core. The Mihomo core has native, high-performance TUN implementation that outperforms the legacy Clash Premium core.

To verify your core, go to Settings → Clash Core. Ensure "Mihomo" is selected. This core supports advanced features like auto-route and auto-detect-interface, which simplify the setup process significantly. If you are still using a legacy core, your TUN performance may be unstable, especially during high-bandwidth tasks like 4K streaming or large file downloads.

Step 3: Configuring TUN Settings in YAML

While the Verge Rev GUI provides a toggle for TUN Mode, the actual behavior is governed by your configuration file. You can either use the Override feature in Verge Rev or manually edit your profile to include the following block:

tun:
  enable: true
  stack: system # Options: system, gvisor, mixed
  auto-route: true # Automatically set the default route
  auto-detect-interface: true # Automatically identify the physical outbound interface
  dns-hijack:
    - any:53
    - tcp://any:53

Choosing the Right Stack

The stack parameter determines how packets are processed. For most Windows users, system is the most stable and performant. However, if you experience compatibility issues with specific VPNs or corporate software, gvisor provides a user-space implementation that is more isolated from the OS kernel, though it may have a slight performance overhead.

Step 4: DNS and Fake-IP Configuration

TUN Mode is only as good as its DNS configuration. If your DNS queries leak to your ISP, many blocked sites will still fail to load, or you may experience "DNS Pollution." To prevent this, you should use Fake-IP mode when TUN is active.

By using Fake-IP, Clash tells Windows that "google.com" is located at a local address like 198.18.0.1. When Windows tries to send data to that address, the TUN adapter catches it and asks Clash where it should actually go based on your rules. This eliminates the need for the OS to perform a real DNS lookup that could be intercepted by local filters.

Step 5: Activating the Toggle and Verification

With the service installed and the configuration set, it's time to flip the switch. Navigate to the Dashboard or Settings and toggle TUN Mode to ON.

To verify that TUN Mode is working correctly on Windows, follow these checks:

• Check Network Adapters: Open "Network Connections" in the Windows Control Panel. You should see a new adapter named "Clash" or "Meta."
• Test the Terminal: Open PowerShell and type curl.exe -v https://www.google.com. If it connects successfully without you setting an environment variable, TUN is capturing terminal traffic.
• Check Connection Logs: In Clash Verge Rev, go to the Connections tab. You should see "Process" names like chrome.exe, discord.exe, or system appearing in the list.

Common Troubleshooting: Windows Issues

Windows network management can be aggressive, sometimes conflicting with Clash's TUN interface. Here are the three most common issues and how to fix them:

Issue 1: Connected but No Internet

This usually happens when auto-route fails or there is a DNS loop. Check if you can ping a raw IP address (like ping 1.1.1.1). If the ping works but websites don't load, your DNS configuration is the culprit. Ensure dns-hijack is correctly targeting port 53.

Issue 2: Conflict with Other VPNs

If you use tools like WireGuard, Cisco AnyConnect, or OpenVPN alongside Clash, they may fight for control over the system routing table. Try changing the stack to gvisor or disabling the other VPN's "Kill Switch" feature, which often prevents other virtual adapters from functioning.

Issue 3: Driver Signature Errors

On some highly secured Windows 10/11 versions, the virtual network driver may be blocked. Ensure you are using the latest version of Clash Verge Rev, as maintainers frequently update the drivers to comply with new Windows security patches.

Optimizing Performance for Gaming and Work

Once TUN Mode is stable, you can optimize it for specific workloads. For gaming, you want to minimize the overhead of the TUN stack. Using stack: system is generally the fastest. Additionally, you can use the skip-proxy or bypass list in your configuration to ensure that local traffic (like your printer or local NAS) doesn't go through the TUN processing, reducing latency for local resources.

For developers, TUN Mode is a lifesaver for Docker and WSL2. Since WSL2 shares the Windows network stack in certain configurations, enabling TUN Mode on the host often automatically proxies your Linux environment without needing to mess with .bashrc or .zshrc proxy exports.

Summary and Final Thoughts

Enabling TUN Mode in Clash Verge Rev transforms your proxy experience from a browser-only tool into a robust, system-wide network engine. While the initial setup requires a few more steps than a simple toggle, the benefits for gaming, development, and overall privacy are well worth the effort. By following the service installation, selecting the Mihomo core, and properly configuring your DNS, you can ensure a seamless experience on Windows 10 and 11.

Compared to other GUI clients that often hide these settings behind obscure menus or require manual driver injection, Clash Verge Rev provides a relatively streamlined path. However, many generic "one-click" VPNs fail to offer the granular control over rules and DNS that Clash provides, often leading to leaked data or poor performance in complex network environments. ClashSource offers a more transparent and powerful alternative for users who value both performance and privacy.

If you're ready to take full control of your Windows networking, Download ClashSource and finish your setup in just a few minutes following this guide.